Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior — CVE-2026-42199
ID
CVE-2026-42199
Source
GitHub
Vendor
GitHub
Threat
medium
CVSS
6.2
EPSS
0.00012
Summary
### Summary

An integer overflow in `Grid::expand_rows()` can corrupt the relationship between the grid's logical dimensions and its backing storage. After the internal invariant is broken, the safe API `get()` may invoke `get_unchecked()` with an invalid index, resulting in Undefined Behavior.

### Details

Tested Version: `grid = "1.0.0"`

`expand_rows()` computes the new backing length using unchecked arithmetic:…
Product
rust: grid
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.